IETF Logo Mail Archive

Re: [COSE] Authentication tag

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 17 March 2017 17:10 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0303F1294FB for <cose@ietfa.amsl.com>; Fri, 17 Mar 2017 10:10:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NlU1-BL52oWl for <cose@ietfa.amsl.com>; Fri, 17 Mar 2017 10:10:48 -0700 (PDT)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id 57B7A1294CD for <cose@ietf.org>; Fri, 17 Mar 2017 10:10:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 7134F1F46B; Fri, 17 Mar 2017 19:10:47 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id XRbIIPkyEnMs; Fri, 17 Mar 2017 19:10:47 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 2D809C4; Fri, 17 Mar 2017 19:10:47 +0200 (EET)
Date: Fri, 17 Mar 2017 19:10:40 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Samuel Erdtman <samuel@erdtman.se>
Cc: cose <cose@ietf.org>, Jim Schaad <ietf@augustcellars.com>
Message-ID: <20170317171039.GB27219@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAF2hCbYALonNaZ6BrmEhYosCrNsJqLmHs3YMupjOCeRxav2X9A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAF2hCbYALonNaZ6BrmEhYosCrNsJqLmHs3YMupjOCeRxav2X9A@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/zxqN7W3_m7ZRjIyGg80B7KB-e1c>
Subject: Re: [COSE] Authentication tag
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2017 17:10:50 -0000

On Fri, Mar 17, 2017 at 05:50:01PM +0100, Samuel Erdtman wrote:
> Hi
> 
> I´m working on a JavaScript implementation of the COSE msg specification,
> currently working on the GCM encryption.
> 
> In the nodejs crypto environment the authentication tag is set separately
> i.e. a specific setAuthTag call. I looked into openssl and could see that
> that was the case there too.
> 
> In the examples provided with the COSE specification I could find out that
> the auth tag is appends to the end of the ciphertext.

Well, COSE specification refers to RFC 5116 for definition of AE and
AEAD, and that framework only allows single ciphertext output, which
as consequence must contain the tag.

(How it contains the tag is actually algorithm-dependent, but most
have it at the end).



-Ilari

v2.23.0 | Report a Bug | By Email